Use zuul firewall rules in gate
Till now we've been flushing iptables in the gates to allow cross node communication in the multi node ceph jobs. This raised security concerns; in particular, it exposed memcached to the external net. This patch uses the infra provided role 'multi-node-firewall' in order to correctly configure iptables. Thanks to Jeremy Stanley and Jeffrey for help with this.

Closes-Bug: #1749326
Change-Id: Iafaf1cf1d9b0227b0f869969d0bd52fbde3791a0
parent
e66cb5d46b
commit
404d4d0a50
@ -71,6 +71,8 @@
|
|||||||
- ^doc/.*
|
- ^doc/.*
|
||||||
vars:
|
vars:
|
||||||
scenario: aio
|
scenario: aio
|
||||||
|
roles:
|
||||||
|
- zuul: openstack-infra/zuul-jobs
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
name: kolla-ansible-centos-source
|
name: kolla-ansible-centos-source
|
||||||
|
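Review bot: The added `roles:` entry for `openstack-infra/zuul-jobs` carries no comment saying what it is there for, and nothing else in this job definition refers to it. A one-line comment that it supplies the `multi-node-firewall` role used by the playbook would keep it from being dropped later as unused, which would break the firewall setup. It is also worth confirming that `kolla-ansible-centos-source` and the other multi node jobs inherit from the job that receives this entry, since the role is only available where `roles:` is declared or inherited.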
@ -29,10 +29,5 @@
|
|||||||
hostname:
|
hostname:
|
||||||
name: "{{ inventory_hostname }}"
|
name: "{{ inventory_hostname }}"
|
||||||
become: true
|
become: true
|
||||||
|
roles:
|
||||||
# TODO(inc0): we're dropping iptables rules but in fact we should create
|
- multi-node-firewall
|
||||||
# linuxbridge-managed tunnels for control and dataplane
|
|
||||||
|
|
||||||
- name: Drop iptables rules
|
|
||||||
command: "iptables -F"
|
|
||||||
become: true
|
|
||||||
|
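Review bot: The new `roles:` block with `multi-node-firewall` is placed after the `hostname` task, but if it sits at play level Ansible runs roles before the play's tasks, so the firewall role will execute first and the ordering on the page is misleading. Move `roles:` above the task list, or use an `include_role` task if the firewall has to be configured after the hostname is set. The removed TODO about linuxbridge-managed tunnels for control and dataplane also disappears without a replacement; say in the commit message whether the role resolves it. Since the bug is memcached being reachable from outside, a follow-up task that asserts the resulting iptables policy is not left wide open would guard against a regression to `iptables -F` behaviour.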